| ID |
CVE-2006-0819
|
| Summary |
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.8 (as of 18-10-2018 - 16:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
NONE |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
| refmap
via4
|
| bid | 17123 | | bugtraq | 20060313 Secunia Research: Dwarf HTTP Server Source Disclosure andCross-Site Scripting | | misc | http://secunia.com/secunia_research/2006-13/advisory | | osvdb | 23836 | | sectrack | 1015779 | | secunia | 18962 | | sreason | 576 | | vupen | ADV-2006-0937 | | xf | dwarfhttp-extension-information-disclosure(25178) |
|
| Last major update |
18-10-2018 - 16:29 |
| Published |
13-03-2006 - 19:34 |
| Last modified |
18-10-2018 - 16:29 |
